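This article describes how to configure Azure APIM to route to different backends depending on the user; it may serve as a useful reference for anyone solving the same problem.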

Problem description

I have the same API running multiple times connecting to different databases which represents the private data of each user that connects.

I have one web site that authenticates with Active Directory to determine which user is connected. The same API calls are made whichever user is logged in, however, the host at the root of the API call needs to be dependent on the user logged in.

How do I configure Azure API Management to route to the correct host depending on which user is logged in?

A simple policy that routes to 2 different function apps based on true/false is:

<policies>
    <inbound>
        <base />
        <set-method>GET</set-method>
        <choose>
            <when condition="true">
                <set-backend-service base-url="https://abc-apim.azure-api.net/org2app" />
            </when>
            <when condition="false">
                <set-backend-service base-url="https://abc-apim.azure-api.net/org1app" />
            </when>
        </choose>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>

How do I modify this to make the choice based on the user that is logged in to the web app?

Recommended answer

Azure API Management has Users and Groups built in to it (although it is possible to use external sources like AD as well).

If you use these Users and Groups (and not the external ones) you can write a policy like this to do the routing:

<policies>
    <inbound>
        <choose>
            <when condition="@(context.User.Groups.Select(g => g.Name).Contains("org1"))">
                <set-backend-service base-url="https://abc-apim.azure-api.net/org1app" />
            </when>
            <when condition="@(context.User.Groups.Select(g => g.Name).Contains("org2"))">
                <set-backend-service base-url="https://abc-apim.azure-api.net/org2app" />
            </when>
            <otherwise>
                <return-response>
                    <set-status code="401" reason="Unauthorized" />
                    <set-header name="WWW-Authenticate" exists-action="override">
                        <value>Bearer error="Invalid user group"</value>
                    </set-header>
                </return-response>
            </otherwise>
        </choose>
        <base />
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
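
The Python below is an added example, not part of the original answer or of any Azure tooling. It extracts the group-to-backend rules from the answer's policy (condensed here) and replays the first-match behaviour of <choose> against constructed group sets, so the deny fallback and overlapping tenant membership can be checked before the policy is deployed; the function names are illustrative.

```python
import re

# <choose> block condensed from the answer above (WWW-Authenticate header omitted).
POLICY = '''
<choose>
    <when condition="@(context.User.Groups.Select(g => g.Name).Contains("org1"))">
        <set-backend-service base-url="https://abc-apim.azure-api.net/org1app" />
    </when>
    <when condition="@(context.User.Groups.Select(g => g.Name).Contains("org2"))">
        <set-backend-service base-url="https://abc-apim.azure-api.net/org2app" />
    </when>
    <otherwise>
        <return-response>
            <set-status code="401" reason="Unauthorized" />
        </return-response>
    </otherwise>
</choose>
'''

# Policy expressions nest double quotes inside attribute values, so the text
# is not well-formed XML; a regex is used instead of an XML parser.
WHEN = re.compile(
    r'<when condition="@\(context\.User\.Groups\.Select\(g => g\.Name\)'
    r'\.Contains\("([^"]+)"\)\)">\s*<set-backend-service base-url="([^"]+)"'
)
DENY = re.compile(r'<otherwise>\s*<return-response>\s*<set-status code="(\d+)"')


def routing_table(policy):
    """Return ([(group, backend)] in policy order, fallback status or None).
    None means no <otherwise> deny: the request would continue unrouted."""
    rules = WHEN.findall(policy)
    deny = DENY.search(policy)
    return rules, int(deny.group(1)) if deny else None


def route(policy, user_groups):
    """First matching <when> wins, as in <choose>; otherwise the fallback."""
    rules, fallback = routing_table(policy)
    for group, backend in rules:
        if group in user_groups:
            return backend
    return fallback


def ambiguous(policy, user_groups):
    """True when a user matches more than one tenant rule."""
    rules, _ = routing_table(policy)
    return sum(group in user_groups for group, _ in rules) > 1
```

With the policy as written, a user who belongs to both org1 and org2 is routed to org1app because that rule comes first; ambiguous() flags such accounts for review.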
